1. Field of the Invention
The present invention generally relates to traffic management within a communications network, and more particularly, to management of distributed denial of service traffic within a communications network.
2. Description of the Background Art
In modern communications networks, network security has become a paramount issue. One form of attack on servers connected to a communications network involves providing a high volume of communication traffic to a particular server. The volume of attack traffic can be so large that an attacked server is caused to “crash” or to have slow processing that makes the server unable to process legitimate traffic in a timely manner. When anomalously high volumes of traffic are detected that originate from a particular router address, a portion of the network can be deactivated to stop the flow of traffic to the server being attacked. Alternatively, the traffic that is destined for the server under attack can be reflected by the router servicing that particular server. Such remedies are inefficient and stops or reflects not only traffic from the attacker, but also traffic from legitimate sources.
Therefore, there is a need in the art for a dynamic and granular traffic management technique that will improve the efficiency of handling an attacker's traffic to protect the attacked server.